CVE | CVE-2022-40740

Title | Realtek SDK - Command Injection in GPON router WEBGUI

Description | There is a vulnerability in the authentication field of the GPON WEB page. An attacker could destroy credential configuration files by entering a command with the '&&' sign to concatenate another command, and then execute arbitrary commands. The root cause is that the ONU does not check the format of the authentication field or filter illegal characters in the WEB Server.

Severity | High

CVSSv3 | AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C/CR:L/IR:H/AR:H/MAV:L/MAC:L/MPR:H/MUI:R/MS:C/MC;

Vulnerability | DENIAL OF SERVICE (DOS)

CWE | CWE-20 Improper Input Validation

Affected Chipsets | All Realtek xPON IC

Affected Software Versions | Realtek xPON SDK 1.9/3.3/40 k1.0/usdk2.0/usdk2.2
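
The root cause in the description (no format check and no filtering of illegal characters on the authentication field) is usually closed with an allow-list check and by passing the value to any helper program without a shell. The C code below is an added example, not Realtek SDK code; the function names, the 32-character limit, the allowed character set and the helper program are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define AUTH_FIELD_MAX 32 /* assumed upper bound, not taken from the advisory */

/* Return 1 only if value is 1..AUTH_FIELD_MAX characters from [A-Za-z0-9_-].
 * '&', ';', '|', '$', quotes, spaces and newlines are all rejected. */
int auth_field_is_valid(const char *value)
{
    size_t len;

    if (value == NULL)
        return 0;
    len = strlen(value);
    if (len == 0 || len > AUTH_FIELD_MAX)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)value[i];
        if (!isalnum(c) && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* Hypothetical handler: validate first, then pass the value to helper_path as
 * a single argv element. No shell is involved, so "&&" is never interpreted.
 * Returns -1 on rejection or failure, otherwise the helper's exit status. */
int apply_auth_field(const char *helper_path, const char *value)
{
    pid_t pid;
    int status;

    if (helper_path == NULL || !auth_field_is_valid(value))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl(helper_path, helper_path, value, (char *)NULL);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Rejecting at the web handler keeps the value out of both the configuration file and any command line built from it.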